CVE-2024-45408

HIGH

elabftw 4.4.0-5.1.0 - Authenticated Improper Access Control

Title source: llm

Description

eLabFTW is an open source electronic lab notebook for research labs. An incorrect permission check has been found that could allow an authenticated user to access several kinds of otherwise restricted information. If anonymous access is allowed (something disabled by default), this extends to anyone. Users are advised to upgrade to at least version 5.1.0. System administrators can disable anonymous access in the System configuration panel.

References (1)

Core 1

Core References

Third Party Advisory x_refsource_confirm

https://github.com/elabftw/elabftw/security/advisories/GHSA-2c83-6j74-w8r5

Scores

CVSS v3 7.5

EPSS 0.0039

EPSS Percentile 30.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-284

Status published

Products (1)

elabftw/elabftw 4.4.0 - 5.1.0

Published Oct 01, 2024

Tracked Since Feb 18, 2026